Benjumea J, Ropero J, Rivera-Romero O, Dorronzoro-Zubiete E, Carrasco A. (2020). Privacy assessment in mobile health apps: Scoping review. JMIR Mhealth Uhealth. 8(7): e18868. doi: 10.2196/18868
Researchers conducted a scoping review of studies published from 2014 onward to evaluate how the scientific community assesses the privacy of mHealth apps. Using search terms related to privacy, mHealth, and assessment, researchers identified 710 journal articles, conference papers, and book chapters in 5 electronic databases. After removing duplicate papers and performing full-text reviews, 24 papers (representing 24 different studies) were eligible for analysis. Researchers defined a taxonomy of privacy components and extracted data into 4 categories: general information, evaluation procedure, evaluation criteria, and scoring method. Fitness apps (25%) and mental health apps (21%) were the most frequently analyzed types of app. Most studies (79%) included an examination of app privacy policies (either as part of the assessment or as the sole focus). Only 8 studies (33%) assessed both privacy and security features. A third of studies (33%) included an evaluation of in-app information (e.g., user data rights, data collection risks, recipients of personal data, protection of minors). A minority of studies (21%) developed evaluation criteria based on legal frameworks (i.e., the Health Insurance Portability and Accountability Act (HIPAA) or the European General Data Protection Regulation (GDPR)). Only 2 studies (8%) included assessment of the types of personal data collected by the apps. Researchers observed significant heterogeneity and subjectivity in evaluation criteria across the 24 studies. Each study defined and used a different set of evaluation criteria. Almost all studies (93%) used a scoring method to compare privacy between apps. Given the heterogeneity and subjectivity of evaluation criteria, future research could develop a single, coherent scoring method based on more objective, legal-based criteria.